Merge pull request #20 from Lyt99/feature/v1.0.0

add kubeskoop helm chart

charts/kubeskoop/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/kubeskoop/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+name: kubeskoop
+description: Promtheus exporter and kernel tracing for OS metrics in kubernetes, with pluggable metric collectors and kernel eBPF tracers.
+type: application
+annotations:
+  category: Analytics
+  licenses: Apache-2.0
+version: 1.0.0
+appVersion: 1.0.0
+icon: https://img.shields.io/github/v/tag/alibaba/kubeskoop
+keywords:
+  - kubeskoop
+  - kubernetes
+  - prometheus
+  - eBPF
+  - ebpf
+  - monitoring
+home: https://github.com/alibaba/kubeskoop
+sources:
+  - https://github.com/alibaba/kubeskoop
+  - https://kubeskoop.io/
+maintainers:
+- name: KubeSkoop
+  url: https://kubeskoop.io/

charts/kubeskoop/README.md

@@ -0,0 +1,57 @@
+# KubeSkoop exporter
+
+## INSTALLATION
+
+```shell
+# Add KubeSkoop charts repo
+helm repo add kubeskoop https://kubeskoop.github.io
+
+# You need to update helm repo info for the first time.
+helm repo update
+
+# Install KubeSkoop exporter.
+helm install -n kubeskoop --create-namespace kubeskoop-exporter kubeskoop/kubeskoop-exporter
+```
+
+You can also install locally if you need to debug the Helm Chart.
+
+```shell
+# Clone KubeSkoop to local disk.
+git clone https://github.com/alibaba/kubeskoop.git
+
+# Install the helm chart locally.
+helm install -n kubeskoop --create-namespace kubeskoop-exporter ./kubeskoop/deploy/kubeskoop-exporter-0.3.0.tgz --debug
+```
+
+KubeSkoop exporter are deployed in DaemonSet. You can check the running status via:
+
+```shell
+# Get pod running status of KubeSkoop exporter
+kubectl get pod -n kubeskoop -l app=kubeskoop-exporter -o wide
+
+# After pods are runing, you can get running status of probes through API server.
+kubectl get --raw /api/v1/namespaces/{{kubeskoop-exporter的pod namespace}}/pods/{{kubeskoop-exporter的pod name}}:9102/proxy/status | jq .
+
+# You can also curl it if you have direct access to the pod IP.
+curl {{kubeskoop-exporter的pod ip}}:9102/status |jq .
+```
+
+## VARIABLES
+
+| Setting                      | Description                                                                                                        | Default                                                   |
+|------------------------------|--------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------|
+| name                         | DaemonSet name of KubeSkoop exporter.                                                                              | `kubeskoop-exporter`                                      |
+| debugMode                    | Enable debug mode for kubeskoop-exporter, with debug interface, debug log level and pprof support.                | `false`                                                   |
+| appName                      | Pod app label.                                                                                                   | `kubeskoop-exporter`                                      |
+| runtimeEndpoint              | CRI runtime endpoint socket, you can use  `crictl info                                                             | awk -F":" '/containerdEndpoint/ {print $2'` to obtain it. | `/run/containerd/containerd.sock`               |
+| image.repository             | Image repository for KubeSkoop exporter container.                                                                 | `kubeskoop/agent`                                         |
+| image.tag                    | Image tag for KubeSkoop exporter container.                                                                        | `latest`                                                  |
+| image.imagePullPolicy        | `imagePullPolicy` for KubeSkoop exporter container.                                                                | `Always`                                                  |
+| initContainer.enabled        | Enable `btfhack` as initContainer to automate discover btf file when kernel does not carry btf information itself. | `true`                                                    |
+| initContainer.repository     | Image repository for `btfhack` container.                                                                          | `registry.cn-hangzhou.aliyuncs.com/acs/btfhack`           |
+| initContainer.tag            | Image tag for `btfhack` container.                                                                                 | `latest`                                                  |
+| initContainer.imagePullPolicy | `imagePullPolicy` for `btfhack` container.                                                                         | `Always`                                                  |
+| config.serverPort            | kubeskoop metrics server port, provide HTTP service.                                                               | 9102                                                      |
+| config.metricsProbes         | Metric probes to enable.                                                                                           | Refer to the probe guide.                                 |
+| config.eventProbes           | Event probes to enable.                                                                                            | Refer to the probe guide.                                 |
+| config.eventSinks            | Sink config for events, stderr/file/loki are supported now.                                                        | 15                                                        |

charts/kubeskoop/templates/configMap.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: kubeskoop-config
+  namespace: {{ .Release.Namespace }}
+data:
+  config.yaml: |-
+    debugmode: {{ .Values.agent.debug }}
+    port: {{ .Values.agent.port }}
+    metrics:
+      probes:
+      {{- toYaml .Values.config.metricProbes | nindent 6 }}
+    event:
+      probes:
+      {{- toYaml .Values.config.eventProbes | nindent 6 }}
+      sinks:
+      {{- toYaml .Values.config.eventSinks | nindent 6 }}

charts/kubeskoop/templates/controller/clusterrole.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.controller.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubeskoop-controller
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - nodes/proxy
+  - services
+  - endpoints
+  - configmaps
+  - namespaces
+  - pods
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources: ["daemonsets"]
+  verbs: ["get", "list"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["networkpolicies"]
+  verbs: ["get", "list"]
+- apiGroups: ["projectcalico.org", "crd.projectcalico.org"]
+  resources: ["ippools"]
+  verbs: ["get", "list"]
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+{{- end }}

charts/kubeskoop/templates/controller/clusterrolebinding.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.controller.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubeskoop-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubeskoop-controller
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: {{ .Release.Namespace }}
+{{- end }}

charts/kubeskoop/templates/controller/configmap.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.controller.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: controller-config
+  namespace: {{ .Release.Namespace }}
+data:
+  controller.yaml: |-
+    logLevel: debug
+    server:
+      httpPort: 10264
+      agentPort: 10263
+    controller:
+      namespace: {{ .Release.Namespace }}
+      prometheus: "{{ .Values.controller.config.prometheusEndpoint }}"
+      loki: "{{ .Values.controller.config.lokiEndpoint }}"
+      database:
+        type: sqlite3
+      diagnose: {}
+    {{- end }}

charts/kubeskoop/templates/controller/deployment.yaml

@@ -0,0 +1,47 @@
+{{- if .Values.controller.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.controller }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: controller
+  template:
+    metadata:
+      name: controller
+      labels:
+        app: controller
+    spec:
+      containers:
+        - name: controller
+          image: "{{ .image.repository }}:{{ .image.tag }}"
+          imagePullPolicy: {{ .image.imagePullPolicy }}
+          command:
+            - "/bin/controller"
+          volumeMounts:
+            - name: lib
+              mountPath: /var/lib/kubeskoop
+            - name: config
+              mountPath: /etc/kubeskoop
+          resources:
+            {{ toYaml .resources | nindent 12 }}
+      {{- with .nodeSelector }}
+      nodeSelector:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .tolerations }}
+      tolerations:
+        {{ toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: lib
+          emptyDir: { }
+        - name: config
+          configMap:
+            name: controller-config
+{{- end }}
+{{- end }}

charts/kubeskoop/templates/controller/role.yaml

@@ -0,0 +1,19 @@
+{{- if .Values.controller.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: controller
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  resourceNames: ["kubeskoop-config"]
+  verbs: ["get", "update"]
+- apiGroups: [""]
+  resources:
+  - pods
+  verbs: ["get", "list", "watch", "delete", "create"]
+- apiGroups: [""]
+  resources: ["pods/exec", "pods/attach", "pods/portforward"]
+  verbs: ["create", "get", "list", "update", "delete"]
+{{- end }}

charts/kubeskoop/templates/controller/rolebinding.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.controller.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: controller
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: controller
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: {{ .Release.Namespace }}
+{{- end }}

charts/kubeskoop/templates/controller/service.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.controller.enabled}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: controller
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: controller
+  ports:
+    - name: grpc
+      port: 10263
+      targetPort: 10263
+    - name: http
+      port: 10264
+      targetPort: 10264
+{{- end }}